Skyway West Launches Skyway DNS Firewall

Skyway West’s DNS Firewall is delivered as a cloud service located in Canadian Internet Exchange points and powered by CIRA (Canadian Internet Registration Authority). At the heart of Skyway’s DNS Firewall is a policy-enabled DNS server, which analyzes every outgoing query and response, comparing them to a block list to enforce security. This block list is dynamically updated for close to real time protection.

How do I use Skyway West’s DNS Firewall?

Skyway West customers using our current DNS servers do not have to do anything immediately. We will, however, be retiring the IP addresses associated with our current and legacy DNS services over the next several months, and urge all customers to change your Nameserver IP addresses to 216.251.142.142 and 74.50.239.1. The new servers are more powerful and are fully redundant, using multiple providers and data centres to ensure high availability to our customers.

Customers using a third party DNS like Google’s free public DNS service can use Skyway’s service just by changing their DNS settings as instructed above. In order for this to be effective, you must use our Nameserver addresses, and delete any third party address. If you do not wish to use the Skyway DNS Firewall, you may continue to use your own DNS resolver servers, or any public 3rd party resolver.

Contact Skyway Support to add premium filtering services or to force all DNS queries made on your premises through our DNS Firewall. Forcing all DNS queries through a DNS firewall is best practice to ensure mobile devices use the service.

Can I use this service if my IP address is not provided by Skyway?

You must be using a Skyway West provided IP address to access these services. To add sites not served by Skyway, contact our support team to register your static IP addresses. For internet access customers not served by Skyway, we charge $30/month per site served by DSL, cable or fixed wireless, $75/month for sites served by fibre speeds under 1000 Mbps, and $125/month for sites at 1000 Mbps or higher.

How can I see if the service is working?

Please visit http://blocklist.skywaywest.net If you have configured your DNS server correctly, you will receive a notice to say this page is blocked. If it shows anything else, please flush your cache and verify your settings.

How does a DNS firewall work?

Domain Name Servers (DNS) maintain a directory of domain names and translate them to Internet Protocol (IP) addresses, much like a phone book matches names to a phone number. Resolving domain names to IP addresses is necessary because computers and other machines access internet sites based on IP addresses. A DNS firewall blocks access to domain names that resolve to IP addresses associated with phishing attacks, malware, viruses, and fraudulent websites. A computer that is blocked will display a popup informing the user and asking them to inform their technical support. Note: we can only block traffic that uses the DNS to resolve a host name to an IP address, and therefore will not prevent the 9% of infected devices that reach an IP address without passing through a DNS.

Why use Skyway West’s DNS firewall?

Best practice internet security solutions use a “defence-in-depth” approach, layering levels of security beginning with the DNS as the outermost layer. This layer will not stop everything, but since 91% of all malware types have been shown to use the DNS it’s a great starting point for internet protection. Skyway West‘s DNS Firewall is delivered as a cloud service located in Canadian Internet Exchange points and powered by CIRA (Canadian Internet Registration Authority). At the heart of Skyway’s DNS Firewall is a policy-enabled DNS server, which analyzes every outgoing query and response, comparing them to a block list to enforce security. This block list is dynamically updated for close to real time protection. CIRA analyzes over 100 billion DNS queries every day, and each day adds over 100,000 new threats to the block list, managing this in part using data from Akamai‘s subsidiary Nominum who specialize in analyzing DNS queries from all over the world.

Best practice internet security solutions use a “defence-in-depth” approach, layering levels of security beginning with the DNS as the outermost layer. This layer will not stop everything, but since 91% of all malware types have been shown to use the DNS it’s a great starting point for internet security.

CIRA‘s mandate is to manage .ca domains, improve the Internet for Canadians and keep traffic within Canada. The Skyway DNS Firewall is similar to Cisco‘s Umbrella DNS firewall, but with two notable advantages: Skyway offers it for free, and we keep your traffic in Canada. Unlike Google‘s free public DNS services, Skyway West‘s DNS service is a firewall, keeps your DNS inquiries within Canada and is faster to respond because it is closer to you. Most importantly, we do not store the history of your DNS queries for marketing and promotional purposes. However, like Umbrella and Google, our DNS firewall service powered by CIRA‘s D-Zone is fully redundant using multiple providers and regions to ensure high availability to our customers.

Can Skyway West’s DNS firewall block a valid website?

The security of the internet is a constantly changing landscape. A site that was safe and secure yesterday may have been compromised overnight and may now be a known attack source. Though a rare occurrence, blocking valid sites is a concern with any firewall. If you feel a valid site is blocked, please send the full URL of the site in a message to our support team. We have a hot line directly to CIRA to unblock sites for specific customers until CIRA confirms the site is valid and permanently removes them from the block list.